SourceCodester Sales Tracker Management System view_client.php sql injection
CVE-2023-1290

9.8CRITICAL

Key Information:

Vendor

SourceCodester
Status
Sales Tracker Management System
Vendor
CVE Published:
9 March 2023

What is CVE-2023-1290?

A SQL injection vulnerability has been identified in the Sales Tracker Management System 1.0. This flaw resides in the file admin/clients/view_client.php, where improper input validation on the 'id' argument allows attackers to manipulate queries executed by the database. This type of attack can be launched remotely, posing a significant risk to data integrity and confidentiality. The exploit has been publicly disclosed, making it crucial for users of this software to apply security measures and updates promptly.

Affected Version(s)

Sales Tracker Management System 1.0

References

https://vuldb.com/?id.222644
vdb-entrytechnical-description
https://vuldb.com/?ctiid.222644
signaturepermissions-required
https://github.com/Mart1nD0t/vul-test/blob/main/sts-1.md
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yangxuelin (VulDB User)
.